1
24.7 Production Series / Re: DNS Over TLS Broken
« on: November 22, 2024, 09:32:05 pm »
...works just fine and stable here for years. Why complain?
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
2
24.7 Production Series / Re: DNS Over TLS Broken
« on: November 22, 2024, 08:56:05 pm »
I would never use DoT with less than 4-5 servers configured...
3
24.7 Production Series / Re: [SOLVED] WebGUI reachable from other not allowed interfaces
« on: November 22, 2024, 04:01:23 pm »If I have two different interfaces with different subnets there usually is a good reason for this and therefore all (but very limited) traffic between these two interfaces should be blocked. Yes, it needs a block rule, that's **sense 101 ;-)
Well... I have a lots of different subnets. And for some clients the traffic is surely allowed to reach the LAN, depending on the use case of the VLAN/Subnet. But I was still surpised, that its just routed.
Like already mentioned, this is a OPNsense design then. Because with any enterprise FW you do not have this behavior. For a good reason.
But maybe an additional Help-Text would be good to make this clear.
"Only accept connections from the selected interfaces. Leave empty to listen globally. Use with care."
This is definitely not that clear. At least not to me. Because the initial connection was not coming from the LAN interface ingress.
If you know this behavior, sure its clear then.
If you allow HTTPS to any, I see no good reason why this should not include any random LAN/VLAN in your setup. It might be "surprising", but it's absolutly covered by the general rules of logic ;-)
4
24.7 Production Series / Re: [SOLVED] WebGUI reachable from other not allowed interfaces
« on: November 22, 2024, 03:21:37 pm »
If I have two different interfaces with different subnets there usually is a good reason for this and therefore all (but very limited) traffic between these two interfaces should be blocked. Yes, it needs a block rule, that's **sense 101 ;-)
5
General Discussion / Re: Where is the log in prompt!
« on: October 31, 2024, 08:48:22 pm »
That's why I proposed booting linux to see which hardware exactly lives in this box... ;-)
6
General Discussion / Re: Where is the log in prompt!
« on: October 31, 2024, 04:48:59 pm »
Serial for serial, VGA if you plan to have a monitor pluged in (from time to time).
Haven't tried recently installing with only one interface.
There should be a login promt at that stage, as can be seen here:
https://docs.opnsense.org/manual/install.html
under "Live Environment"...
Haven't tried recently installing with only one interface.
There should be a login promt at that stage, as can be seen here:
https://docs.opnsense.org/manual/install.html
under "Live Environment"...
7
General Discussion / Re: Where is the log in prompt!
« on: October 31, 2024, 03:49:50 pm »
Try to install your favourite linux (or BSD, if applicable) distro and have a look for the details of the hardware. Post info...
8
General Discussion / Re: Champagne anybody?
« on: October 31, 2024, 09:01:57 am »
Auja! Wir verlinken hier die schönsten Kommentare vom Heise-Forum! Dafür sollten wir ein eigens Board einrichten! :-D
9
General Discussion / Re: Champagne anybody?
« on: October 30, 2024, 11:35:40 am »
Can we summarize the discussion:
ipv6 is perfect, just the users are to dull to realize it?
A solution to the problem "smartphone", nothing else. Hmm, imho it's not worth the trouble.
ipv6 is perfect, just the users are to dull to realize it?
A solution to the problem "smartphone", nothing else. Hmm, imho it's not worth the trouble.
10
24.7 Production Series / Re: Can't extract latest ISO after download
« on: October 29, 2024, 05:50:02 pm »
Checked the sha256sum of the downloaded file?
Downloaded from Courier and
works flawlessly.
Downloaded from Courier and
Code: [Select]
bunzip2 OPNsense-24.7-vga-amd64.img.bz2 works flawlessly.
11
General Discussion / Re: Champagne anybody?
« on: October 29, 2024, 04:27:06 pm »
...too much champagne now? :-O
12
24.7 Production Series / Re: How edit or delete sshlockout firewall rules?
« on: October 29, 2024, 02:48:47 pm »
openAI?
13
General Discussion / Re: Champagne anybody?
« on: October 28, 2024, 08:23:18 pm »
Why have a VPN on an inherently unsafe platform? If you can't control the OS and can't be root, it's not your device in the first place. It's like band-aid on a ruptured aorta...
It's political, ipv6. ;-)
It's political, ipv6. ;-)
14
General Discussion / Re: Champagne anybody?
« on: October 28, 2024, 04:27:31 pm »
All I read here can be summarized: ipv6 helps nobody to solve a problem, but results in signifcant problems. NAT is for me a feature, not a bug.
So: ipv6 deserves to die quickly. and for ever...
So: ipv6 deserves to die quickly. and for ever...
15
General Discussion / Re: Champagne anybody?
« on: October 28, 2024, 02:02:46 pm »
ipv6 deserves to die. no solutions, only problems.